US12348554B2 · Active · Utility · PatentIndex 62

Threat mitigation system and method

Assignee: RELIAQUEST HOLDINGS LLC
Priority: Feb 23, 2023
Filed: Feb 22, 2024
Granted: Jul 1, 2025
Est. expiry: Feb 23, 2043 (~16.6 yrs left) · nominal 20-yr term from priority
Inventors: MURPHY BRIAN P; PARTLOW JOE; O'CONNOR COLIN; PFEIFFER JASON; MURPHY BRIAN PHILIP; ECHAVARRIA JONATHAN R
Classifications: H04L 41/16, G06F 40/56, G06F 21/566, G06N 3/0475, G06F 2221/034, G06F 40/154, G06F 40/103, H04L 63/1425, G06F 21/554, G06F 21/552, H04L 63/1416, G06F 16/345, H04L 63/1441
PatentIndex Score: 62 · Cited by: 0 · References: 168 · Claims: 24

Abstract

A computer-implemented method, computer program product and computing system for establishing connectivity with a plurality of security-relevant subsystems within a computing platform; receiving an initial notification of a security event from one of the security-relevant subsystems, wherein the initial notification includes a computer-readable language portion that defines one or more specifics of the security event; and iteratively processing the initial notification using a generative AI model and a formatting script to produce a summarized human-readable report for the initial notification.

Claims

exact text as granted — not AI-modified
What is claimed is: 
     
       1. A computer-implemented method executed on a computing device comprising:
 training one or more agents to detect security events based upon one or more of archived data concerning activities and supplemental information; 
 monitoring, by the one or more agents deployed within one or more of a plurality of security-relevant subsystems within a computing platform, activity within the one or more of the plurality of security-relevant subsystems; 
 establishing connectivity with the plurality of security-relevant subsystems within the computing platform; 
 receiving an initial notification of a security event from one of the security-relevant subsystems, wherein the initial notification includes a computer-readable language portion that defines one or more specifics of the security event; 
 iteratively processing the initial notification using a generative AI model and a formatting script to produce a summarized human-readable report for the initial notification; 
 prompting a user to provide feedback concerning the summarized human-readable report; and 
 revising the formatting script based upon, at least in part, provided feedback; 
 
       wherein the formatting is revised, at least in part, to produce a new summarized human-readable report with updated recommended mitigation actions. 
     
     
       2. The computer-implemented method of  claim 1  wherein receiving an initial notification of a security event from one of the security-relevant subsystems includes:
 receiving the initial notification of the security event from an agent executed on one of the security-relevant subsystems. 
 
     
     
       3. The computer-implemented method of  claim 1  wherein iteratively processing the initial notification using a generative AI model and a formatting script to produce a summarized human-readable report for the initial notification includes:
 iteratively processing the initial notification using the generative AI model, the formatting script and/or one or more tools to produce the summarized human-readable report for the initial notification. 
 
     
     
       4. The computer-implemented method of  claim 3  wherein the one or more tools includes one or more of:
 a decoding tool to decode an encoded initial notification; 
 a decompression tool to decompress a compressed initial notification; and 
 an identification tool to identify an owner of a domain associated with the initial notification. 
 
     
     
       5. The computer-implemented method of  claim 1  wherein iteratively processing the initial notification using a generative AI model and a formatting script to produce a summarized human-readable report for the initial notification includes:
 iteratively processing the initial notification using a large language model. 
 
     
     
       6. The computer-implemented method of  claim 1  wherein iteratively processing the initial notification using a generative AI model and a formatting script to produce a summarized human-readable report for the initial notification includes:
 utilizing prompt engineering to produce the summarized human-readable report for the initial notification. 
 
     
     
       7. The computer-implemented method of  claim 1  wherein iteratively processing the initial notification using a generative AI model and a formatting script to produce a summarized human-readable report for the initial notification includes:
 utilizing several loops and/or nested loops to produce the summarized human-readable report for the initial notification. 
 
     
     
       8. The computer-implemented method of  claim 1  wherein the summarized human-readable report defines recommended next steps and/or disclaimers. 
     
     
       9. A computer program product residing on a non-transitory computer readable medium having a plurality of instructions stored thereon which, when executed by a processor, cause the processor to perform operations comprising:
 training one or more agents to detect security events based upon one or more of archived data concerning activities and supplemental information; 
 monitoring, by the one or more agents deployed within one or more of a plurality of security-relevant subsystems within a computing platform, activity within the one or more of the plurality of security-relevant subsystems; 
 establishing connectivity with the plurality of security-relevant subsystems within the computing platform; 
 receiving an initial notification of a security event from one of the security-relevant subsystems, wherein the initial notification includes a computer-readable language portion that defines one or more specifics of the security event; 
 iteratively processing the initial notification using a generative AI model and a formatting script to produce a summarized human-readable report for the initial notification; 
 prompting a user to provide feedback concerning the summarized human-readable report; and 
 revising the formatting script based upon, at least in part, provided feedback; 
 
       wherein the formatting is revised, at least in part, to produce a new summarized human-readable report with updated recommended mitigation actions. 
     
     
       10. The computer program product of  claim 9  wherein receiving an initial notification of a security event from one of the security-relevant subsystems includes:
 receiving the initial notification of the security event from an agent executed on one of the security-relevant subsystems. 
 
     
     
       11. The computer program product of  claim 9  wherein iteratively processing the initial notification using a generative AI model and a formatting script to produce a summarized human-readable report for the initial notification includes:
 iteratively processing the initial notification using the generative AI model, the formatting script and/or one or more tools to produce the summarized human-readable report for the initial notification. 
 
     
     
       12. The computer program product of  claim 11  wherein the one or more tools includes one or more of:
 a decoding tool to decode an encoded initial notification; 
 a decompression tool to decompress a compressed initial notification; and 
 an identification tool to identify an owner of a domain associated with the initial notification. 
 
     
     
       13. The computer program product of  claim 9  wherein iteratively processing the initial notification using a generative AI model and a formatting script to produce a summarized human-readable report for the initial notification includes:
 iteratively processing the initial notification using a large language model. 
 
     
     
       14. The computer program product of  claim 9  wherein iteratively processing the initial notification using a generative AI model and a formatting script to produce a summarized human-readable report for the initial notification includes:
 utilizing prompt engineering to produce the summarized human-readable report for the initial notification. 
 
     
     
       15. The computer program product of  claim 9  wherein iteratively processing the initial notification using a generative AI model and a formatting script to produce a summarized human-readable report for the initial notification includes:
 utilizing several loops and/or nested loops to produce the summarized human-readable report for the initial notification. 
 
     
     
       16. The computer program product of  claim 9  wherein the summarized human-readable report defines recommended next steps and/or disclaimers. 
     
     
       17. A computing system comprising:
 a hardware processor and physical memory configured to perform operations comprising:
 training one or more agents to detect security events based upon one or more of archived data concerning activities and supplemental information; 
 monitoring, by the one or more agents deployed within one or more of a plurality of security-relevant subsystems within a computing platform, activity within the one or more of the plurality of security-relevant subsystems; 
 establishing connectivity with the plurality of security-relevant subsystems within the computing platform; 
 receiving an initial notification of a security event from one of the security-relevant subsystems, wherein the initial notification includes a computer-readable language portion that defines one or more specifics of the security event; 
 iteratively processing the initial notification using a generative AI model and a formatting script to produce a summarized human-readable report for the initial notification; 
 prompting a user to provide feedback concerning the summarized human-readable report; and 
 revising the formatting script based upon, at least in part, provided feedback; 
 
 wherein the formatting is revised, at least in part, to produce a new summarized human-readable report with updated recommended mitigation actions. 
 
     
     
       18. The computing system of  claim 17  wherein receiving an initial notification of a security event from one of the security-relevant subsystems includes:
 receiving the initial notification of the security event from an agent executed on one of the security-relevant subsystems. 
 
     
     
       19. The computing system of  claim 17  wherein iteratively processing the initial notification using a generative AI model and a formatting script to produce a summarized human-readable report for the initial notification includes:
 iteratively processing the initial notification using the generative AI model, the formatting script and/or one or more tools to produce the summarized human-readable report for the initial notification. 
 
     
     
       20. The computing system of  claim 19  wherein the one or more tools includes one or more of:
 a decoding tool to decode an encoded initial notification; 
 a decompression tool to decompress a compressed initial notification; and 
 an identification tool to identify an owner of a domain associated with the initial notification. 
 
     
     
       21. The computing system of  claim 17  wherein iteratively processing the initial notification using a generative AI model and a formatting script to produce a summarized human-readable report for the initial notification includes:
 iteratively processing the initial notification using a large language model. 
 
     
     
       22. The computing system of  claim 17  wherein iteratively processing the initial notification using a generative AI model and a formatting script to produce a summarized human-readable report for the initial notification includes:
 utilizing prompt engineering to produce the summarized human-readable report for the initial notification. 
 
     
     
       23. The computing system of  claim 17  wherein iteratively processing the initial notification using a generative AI model and a formatting script to produce a summarized human-readable report for the initial notification includes:
 utilizing several loops and/or nested loops to produce the summarized human-readable report for the initial notification. 
 
     
     
       24. The computing system of  claim 17  wherein the summarized human-readable report defines recommended next steps and/or disclaimers.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.